Apple Gets Serious About Plugging Leaks

Share

Apple Computer announced last week that it has sued up to twenty-five anonymous defendants for posting information on the Internet that Apple considers to be proprietary trade secrets. The complaint, filed in a California state court (Superior Court for Santa Clara County, where Apple’s headquarters is located), seeks "an injunction against further disclosure of Apple’s trade secrets as well as monetary damages."

Although I had not received a copy of the actual complaint by press time, published reports and sources indicate that Apple is suing "John Doe 1" for acting, alone or in conspiracy with up to 24 other anonymous defendants ("John Does 2 through 25"), to post confidential information about the Power Macintosh G4 (Gigabit Ethernet) and Apple Pro Mouse before those products were announced. In conjunction, Superior Court Judge Gregory H. Ward issued a subpeona to Yahoo seeking identifying information on two GeoCities Web sites where Apple trade secrets were allegedly posted. (GeoCities is a division of Yahoo Incorporated.)

The concept of suing unknown individuals over revealing truthful information can be confusing, so let’s briefly walk though exactly what’s happening.

Why Apple Cares — MacNN’s report on the lawsuit includes quotations from the complaint Apple filed. (Other reports are available from CNET, TechWeb, and ZDNN.) In part, the complaint says, "In Apple’s experience, public knowledge of future products often lessens sales of existing Apple products. As a result, Apple maintains and protects Future Product Information as a trade secret." Any semi-serious Macintosh watcher knows that Apple keeps details of unreleased products as secret as possible, but sometimes people think this is merely so Steve Jobs can surprise an audience with new product announcements. It’s more involved than that.

The personal computer industry learned early on that being too forthcoming about future plans can affect the present. The Kaypro computer company set the classic example way back in the early 1980s – by revealing details of a hot new machine too far in advance, sales of the company’s existing (and only) model dried up, and delays in the new model left the company with virtually no sales for well over a year. In addition, by the time Kaypro did get its new model out the door, the competition – well-informed of what they could expect – had already nullified most of its competitive advantages. Kaypro held on for another year or two before collapsing completely.

Apple has seen this effect as well, and not just in ancient history. In the just-ended third quarter of fiscal year 2000, Apple posted smaller-than-expected revenues and unit sales, largely due to iMac sales that failed to meet predictions. Apple saw early in the quarter that iMac sales were slowing down, and when analysts asked, Apple CFO Fred Anderson said the company believes it was because iMac customers were waiting for new models – by the end of the quarter, it had been nine months since the last update, when previous updates had come at no more than six-month intervals. Although Apple’s quarter was strong in all other respects, that dip in iMac sales was enough to spawn a string of "Is Apple’s Recovery Faltering?" stories, potentially starting the same kind of self-fulfilling prophecy cycle that sent Apple into the toilet in 1996 and 1997. (You may remember that although Apple had serious business practice issues that needed repair, sales did not drop until the public was deluged with "Apple Is Doomed" stories.)

Given the unique nature of products like the Power Macintosh G4 Cube and the plethora of stories leaking out well ahead of the machine’s announcement – and the observable and repeated effect advance knowledge can have on Apple’s business – the company has apparently decided to play hardball. Apple is already extremely strict with employees who are believed to have leaked information, but in some recent cases, Apple has not been able to find out who’s responsible for the leaks. That’s where the lawsuit comes in.

Anonymous Defendants — It seems counter-intuitive to file a lawsuit when you don’t know who you’re suing. Yet part of the legal process is called discovery, where attorneys for each side query and, via the jurisdiction of the court, subpoena relevant witnesses in an effort to uncover truth. Discovery compels witnesses to answer questions under oath and to surrender information that, without the court’s backing, third parties would never have to reveal.

By filing against unknown persons, Apple is essentially representing to the court that with the full weight of discovery, Apple will be able to determine who the defendants are reasonably quickly, and then will amend the complaint to name them explicitly. That’s not an optional step – it’s not fair to let Apple conduct volumes of discovery with witnesses when the individuals being sued haven’t even been notified of the lawsuit, and they can’t be served with papers until they’re named. (By contrast, consider that criminal charges are rarely filed anonymously in the U.S. – courts frown on the full power of the police not being able to name a defendant, viewing anonymous charges as end-runs around statutes of limitations.)

Look at it from Apple’s point of view. Accurate and confidential information belonging to Apple was posted on the Internet, and the only people who had access to it were under contractual obligation not to reveal it – either as employees of Apple Computer or as third-party developers or business partners who had signed non-disclosure agreements. Someone, or some entity like a corporation, broke a contract by either posting that information or permitting that information to come into possession of a third party who posted it (although in the suit, Apple warrants that it has been informed and believes that John Doe 1, the primary defendant, the one who actually posted the information, is an individual). Apple has legitimate legal cause against that individual, but it has to use discovery to find out that person’s name.

That’s why Apple immediately had Yahoo served with subpoenas for identifying information about two accounts allegedly used to post confidential information on AppleInsider’s bulletin boards. Yahoo may not have correct name and address information for those Web sites or email accounts, but it should have logs of the IP addresses that the owner used to access them. Apple is hoping those addresses will be Apple’s own static IP addresses in its class A address space (17.x.x.x); the company will then map the address back to a specific connection, see who owned it at that period in time, and voila! They’ve found the culprit.

If the IP address belongs to a cable modem, DSL, or even a dial-up modem pool, Apple can then have the ISP subpoenaed to match the IP address at the time the site was created to a given customer record, and that leads to the name of the defendant as well.

Apple’s Real Goal — Once Apple has figured out who leaked the information, I believe that will be the end of the lawsuit. Rather than go to the expense of a trial in a futile attempt to recover money the leaker probably doesn’t have, Apple wants to know who it is so he can be cut off. He’ll be fired for breach of contract if he works for Apple. If he works for a third-party developer or business partner, Apple will pressure that company to fire the leaker as well, upon threat of not getting any more information from Apple or facing a corporate breach-of-contract suit for violating the non-disclosure agreement.

If Apple had intended to go after the sites that published the information, the company might not have filed a California state lawsuit. California has a state shield law that allows reporters to refuse to divulge their sources in civil court proceedings with less fear of being held in contempt of court. The law does not specifically include Web publications, but neither does it specifically exclude them. Either way, the shield law would be an obstacle to Apple’s discovery, defeating the main purpose of filing a complaint. What’s more, the two major rumor sites are both located on the East Coast of the U.S. – AppleInsider with MacNN in Washington, DC, and Mac OS Rumors in Portland, ME. Since California courts have no power to subpoena people more than 50 miles away from where a hearing is held, both sites are by definition outside the jurisdiction of the lawsuit.

That First Amendment Again — When Adobe sued MacNN in late May for misappropriation of Photoshop 6 trade secrets, Adobe took a big PR hit from angry Macintosh users. Some felt Adobe was trying to punish Web sites for its own inability to keep information confidential; others felt it was an abuse of the U.S. First Amendment that grants freedom to the press. In MWJ, we pointed out that no matter how MacNN got the information, the site probably had a First Amendment right to publish it at that point.

Apple, having learned from this dust-up, is going after the people who leaked the information in the first place, not those who published it on the Web. Such a tactic avoids the entire messy issue, with one possible exception: once identified, the defendant could assert that because he posted the information on his own GeoCities Web site, he himself is a publisher. He could then maintain that he got the information from someone else and try to invoke something like the shield law to keep that person’s identity secret. However, if the webmaster is an Apple employee or employee of an Apple business partner, Apple will still fire him or pressure for him to be fired, arguing that even if this person didn’t create the pictures, he surely should have known they were Apple trade secrets. Apple achieves its goal either way.

The strategy also prevents the rumor sites from facing an uncomfortable choice in Federal court – reveal sources or potentially be held in contempt. In the 03-Aug-00 edition of the Wall Street Journal, Piu-Wing Tam quotes Sydelle Pittas, attorney for Ric Ford’s MacInTouch, as saying that Apple’s action against the anonymous source was just fine. "Apple has a perfect right to go after anyone it feels has violated a confidentiality agreement," she said. Pittas’s comments probably shouldn’t be construed as MacInTouch policy towards legal action on sources, but without the protection of something like the California shield law, a publisher risks jail when protecting an anonymous source. That’s a tough choice.

Ironically, had someone leaked information to a traditional media reporter (newspaper, television, magazine) in the state of California, his identity might be beyond Apple Computer’s legal reach. But by posting in public forums with an identifiable account, the leaker has apparently removed the Web sites from the loop – they’re not even asked to divulge his identity because he left enough clues for Apple to find him via subpoenas. Remember that if you’re tempted to bargain your conscience and your contracts for a shot at fleeting Web fame.

[Matt Deatherage is the publisher of MDJ, MWJ, and MMJ – daily, weekly, and monthly subscription-based newsletters for serious Macintosh users. Free trial subscriptions for all three are available. The trial subscription to MMJ contains the full MDJ Power 25 articles in which TidBITS Publisher Adam C. Engst ranked #2 behind Steve Jobs.]